Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2009-1742
Last Modified 21 May 2009 12:00:00
Published 20 May 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1742

Summary

code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

Vulnerable Systems

Application

  • Pc4arb Pc4 Uploader 9.0


References

XF - pc4uploader-code-sql-injection(50586)

VUPEN - ADV-2009-1364

BID - 35004

MILW0RM - 8709

SECUNIA - 35122

OSVDB - 54572


Last Updated: 27 May 2016 10:50:39